[Japanese]

JVNDB-2005-000758

msearch directory traversal vulnerability

Overview

msearch, a full-text search engine for web sites, contains a directory traversal vulnerability when used on Windows and Linux servers.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
Affected Products


Unicode version of msearch
  • Unicode msearch ver.1.51
kiteya.net
  • msearch ver.1.50 and 1.51

Impact

A remote attacker could view msearch configuration files, index files, and other files written in the same format as these files.
Solution

Vendor Information

Unicode version of msearch kiteya.net
CWE (What is CWE?)

CVE (What is CVE?)

References

  1. JVN : JVN#8BAAAB4E
Revision History

  • [2008/05/21]
      Web page published

Date Public2005/03/08
Date First Published2008/05/21
Date Last Updated2008/05/21